In what seems to be becoming a pattern, four Wells Fargo servers have been reported as missing. The servers were actually located at a vendor's facility, the Atlanta office of Regulus Integrated Solutions. It is believed that sensitive information, including Social Security numbers and customer account numbers, of thousands of mortgage and student loan customers was stored in the stolen hardware. The incident actually occurred in mid-October, and beginning on October 25th the company began warning customers whose data was stored on the missing computers, recommending that they notify the three major credit agencies of possible data theft. Additionally, the company is offering affected users 12 months free use of its credit monitoring service. This is the third time in a year that Wells Fargo computers containing customers' personal data have been stolen, though Wells Fargo says it has received no reports of that information being misused (perhaps due to encryption of the info on the computers).

USER COMMENTS 27 comment(s)

Secrets(1:30pm EST Thu Nov 04 2004)I will not reveal where they are….but they are doing quite well as game servers…… – by The Shadow

Number 1 is phyical security(1:57pm EST Thu Nov 04 2004)Regulus Integrated Solutions has now moved to the bottom of the list of places I would tell someone to Colocate a server. The fact that someone could walk out with hardware and they have no idea who it was is just scary.

In fact forget it they are off the list completely. If I had Wells Fargo as a customer you would need a bunker buster to get to the servers.

This is just sad.

– by Rax

They should offer more than(2:22pm EST Thu Nov 04 2004)12 months free use of its credit monitoring service. They should pay for the time and efforts these people will have to use based on their current salaries! Companies need to think a little bit about how important it is to secure customer data. – by Nunhgrader

WELLS FARGO BANK IS NOT TO BE TRUSTED!!(3:41pm EST Thu Nov 04 2004)How can they lost the server. The person who stole it will ruin every customers Identies and their lives.

WELLS FARGO have to pay everyone who have account with them $10,000 or more to reduce the customers worries. – by ranger-guy

NO Direction(4:29pm EST Thu Nov 04 2004)Sounds like there is not a mandate for security like many companies. – by spacedude

The more things change,(4:40pm EST Thu Nov 04 2004)I worked as a contractor for Wells Fargo in 2000/2001 as part of a team deploying workstations nationwide to stock brokers, loan officers, trust officers and some others.

While replacing a bunch of PC's in a downtown Minneapolis location, we started piling up the old PC's in an unused office. Somebody stole at LEAST 25 hard drives (as well as RAM & CPU's) from those PC's. As far as I know, this was never reported to anyone beyond our dept.

I don't know exactly what information would have been on those drives.– by Like I'd Tell You

jeez, you'd think that in our era of “security” that we'd be a bit more careful about what happens. if this happened in the medical industry (my field) this would be MASSIVE. fines and legal issues would abound. but no, it's merely something as small as a persons financial future. no big deal. just as big as life itself in today's world…..fire the whole office, starting from the top, and put some GEEKS on the job to really do it right, not some bureaucratic money grabbing fart knocker. – by the Toad

Not the maid(5:38pm EST Thu Nov 04 2004)It was not the cleaning crew. Several of us had the same suspicion as to who did it, but to my knowledge, nothing was ever done.– by Like I'd Tell You

Not their falt(6:05pm EST Thu Nov 04 2004)I wan not Wells fault. They had faith that a vendor would follow security protocol and the vendor coulds not even spell the word. Money is the issue here,The lack of decision I bet or could it be deeper? The vendor should be the one that needs to pay up! – by Blame

This is “I'm sorry”?(6:40pm EST Thu Nov 04 2004)It may not have been Wells' fault, but they are in a position where they have to take the blame. We gave out confidential information, with the reassurance that this information would remain confident. I am only 21 years old, and it is possible that my credit could be screwed for the rest of my life. Wells Fargo needs to step up and do something to restore the faith of their customers merely a year of credit monitoring service is far from being apoligetic it's only a way to cover their own hides. – by that girl

Re: That Girl(7:01pm EST Thu Nov 04 2004)Keep working so that you and others like you can help pay my Social Security. Sorry that there will not be any left for you but I am glad Bush is going to take care of my A–.

If you are lucky there might be some crumbs left when you get old. LOLOLOLOL

Happy to be GOP :) – by WD

hey blame(7:06pm EST Thu Nov 04 2004)errrrr…..it's not Swells Fargo's fault? if you bite into a burger at Burger Thing, and you eat a condom, and the condom was in the lettuce packaging, you sue burger thing. burger thing kicks the account out.

grow up. if your kids light a house on fire, its your fault. same thing in the corporate world – by the DoKToR

Credit report (7:11pm EST Thu Nov 04 2004)I agree , I am 30 and when someone started using my Social sec # on 1998 they screwed up my credit 13 credit cards and 15 K on debts. Couldn't delete those accounts on 2 years so Social security issued a new Number for me, now i bank with Wells Fargo and maybe my new SSN is already being used. For me 1 year of free credit reporting its nothing how much time you spend on the phone and on hold talking with each credit card and their Fraud departments?? at least 45 min each and then the follow up plus the time you cant even buy a 1985 car because you dont have credit, then your if you already have a place to live you are lucky if not no one will rent you a place because of your bad credit. also the people on the credit cards wnts you to pay them back no matter what and their fraud departments think you are the bad guy calling. All this is bull.. shhh Wells fargo should at least pay back people for their errors their lack of security its a shame. Because we give our information to the Bank when we open a new account not to the contractors, that is their problem who they pay to get their Hardware runing. my 2 cents – by Bandido

It is Well Fargos fault(10:13am EST Fri Nov 05 2004)You deal with them, you give them your personal info. It is Well Fargos responsibility to mantain that that personal info remains safe and private. By allowing that data to be stored in an insecure location doesnt negate that responsibility, no matter where or what company it may outsource that storage too. – by UseNet

SHUT DOWN WELLS FARGO(12:24pm EST Fri Nov 05 2004)or they will destroy your life! How can someone walk out the bank with a bag full of hard drives? no one notice that it could be a bank robbery?

– by Unknown

My first hate site(2:50pm EST Fri Nov 05 2004)The very first hate site I encountered on the web was dedicated to venting hate towards Wells Fargo. Sounded like the person venting had no idea what banks are in business to do. When most business men take your money, at least most of them have the courtesy to pretend they are selling you something, not just taking your money and then charging you for keeping it! Now they not only lose your personal info, but the reason they are not greatly concerned is because they sell it anyway! Read your bank's privacy policy – if you can find one or if they even pretend to have one. Banks steal your money & sell personally identifiable information. Wake Up!! – by Crash N.

jeez, you're so dumb i think i just lost a few IQ points – by the Toad

Unknown(4:51pm EST Fri Nov 05 2004)The theft I referred to was not in a banking center. It was in an office building. It takes a lot of support staff to keep the customer facing folks going. We were walking around with bags and back packs full of all kinds of crap. Most non-tech folks can barely hook a PC up let alone identify the parts.

Like I said, we were piling up the old PC's in an unused office. We were in and out of it all day. We only discovered the theft when we did because someone forgot to transfer data to the new PC so we went to get the old one and it kinda had problems booting up……

It probably didn't happen in one day anyway. We were there all week.

– by Like I'd Tell You

One More Thing(4:56pm EST Fri Nov 05 2004)It is also worth pointing out that just because computers are stolen doesn't mean the thieves are able to get info off the hard drive. None of us have any clue what OS was running, what kind of file protection or encryption is in place, or even what kind of DB is holding the info.

Besides, the theives might not even want the data. They may just want to resell the hardware. In which case they would probably format the drives anyway, putting the info out of reach of 99.9% of the world.

Not to make excuses for some really sloppy security. – by Like I'd Tell You

Blown out of proportion(5:28am EST Tue Nov 09 2004)I work for Wells Fargo. All the data is encrypted. WF owns it's own software development company, and all of the software and encryption is proprietary to Wells Fargo. You have a much better chance of someone stealing your identity by hacking you on the internet, than you have of someone cracking the encryption on our stuff. Besides someone could get your SSN and even your signature from public records that can be pulled up online. How many counties have mortgages and divorce decrees online for anyone to see. Check your credit at least twice a year for fraud. – by Dave

Recipient of Notification Letter(10:07pm EST Tue Nov 09 2004)Let me first comment on Dave's comment that this is being blown out of proportion. Dave…You indicate that we are more likely to have our information stollen by hacking on the internet. Well, I have one comment to that. The place where WF wants the people to go to and register for this identify theft protection is where? That's right…The internet…And, if the information needed is anything like the application (if you opt to mail that in verses registering on the internet) the first piece of information requested is, what…Yes, that's right, too…Your SSN…

Now…Onto my original comments prior to reading Dave's comments…

I received a letter from Wells Fargo regarding “certain personal and confidential information” about myself and my account being contained on one of four computers (not servers) stolen. “Specifically, the computer contained your name, address, Social Security number, and account information such as your student loan account number and loan balance. No passwords or personal identification numbers (PIN) associated with your account were on the computers.” (I'm so relieved that only my PIN was kept from being left unattended.) To be honest, I thought this might have been a scam either by Wells Fargo to pump-up additional interest in their identity theft protection service or was being generated by someone claiming to be Wells Fargo.

Contrary to what the “Blurb” above indicates, I was not instructed to “notify the three major credit agencies of possible data theft.” To top it off, to qualify for their offer to receive one year of service in their “Wells Fargo Select Identity Theft Protection” program (at no cost to me, of course) I must log onto a website and give them the very same information (on a “secure” website, I’m sure) they are indicating has been stolen or to fill-out the enclosed registration form, which, ironically is requesting my Social Security number as the very first field to enter. Yeah Right! Please tell me why would I even consider giving this company, who is unable to secure my information, another opportunity to enter this information onto yet another computer to be stolen?!

My hope is that the information contained on these computers contained my student loan balance information, as well. I have a strong hunch Wells Fargo would be singing a different tune if this were the information found on these computers. Oh that’s right! They wouldn’t have had that information located in a non-secure location. Now, wouldn’t they? – by N/A-Soon 2B Stolen

ttttturtle shell(7:38pm EST Wed Nov 17 2004)uh huh tutututturtle shell, i have the power to be green and very powerful. not only can i close my eyelids and still see, i can eat multiple fish and pellets within a matter of seconds ya heard.

– by mc Murly face

three times in a year!(7:12pm EST Sat Dec 11 2004)Maybe Wells Fargo does encrypt all data, but that doesn't pacify me one bit. I also received a letter and the useless offer of one year free membership in its identity theft program. I believe Wells Fargo should be sued. I believe it IS their fault and responsibility. They should have tighter security (in manpower) or choose a vendor who has good security measures in place (security guards, cameras, etc.)

To turn around and flaunt something that costs them next to nothing is an insult. If my SS# is used for anything fradulent, it will cost me dearly. – by tickedoff

Identity Theft Program a JOKE!(12:46pm EST Tue Dec 21 2004)I was in the October notification and enrolled immediately in the Service they offered for free for 12 months. It is now almost Jan. 2005 and I have yet to recieve a report or summary as promised. I was told my credit was being monitored daily and would receive an instant alert on activity, HA! I opened an account at a furniture store and they didn't even have a clue it happened. I am now seeking legal council and considering a class action if there are others having the same problems. DO NOT USE WELLS FARGO FOR ANYTHING! – by Steve